Red Hat JBoss BPMS CVE-2016-6343 Cross Site Scripting Vulnerability

Red Hat JBoss BPMS is prone to a cross-site scripting vulnerability.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.


Bugtraq ID: 96987
Class: Input Validation Error
CVE: CVE-2016-6343

Remote: Yes
Local: No
Published: Mar 16 2017 12:00AM
Updated: Mar 21 2019 06:00AM
Credit: Jeremy Choi (Red Hat Product Security Team)
Vulnerable: Redhat JBoss Middleware Text-Only Advisories for MIDDLEWARE 0
Redhat Jboss Bpm Suite 6.3.3
Redhat Jboss Bpm Suite 6.3.2
Redhat Jboss Bpm Suite 6.3.1
Redhat Jboss Bpm Suite 6.3.0
Redhat Jboss Bpm Suite 6.0.0

Not Vulnerable: Redhat Jboss Bpm Suite 6.4.2


To exploit this issue an attacker must entice an unsuspecting victim to follow a malicious URI.

Related Posts